argocd-tactics
Fail
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides detailed HTTP request templates for deploying unauthorized 'evil' applications to Kubernetes clusters, which is a direct method for achieving remote code execution on the cluster infrastructure.
- [COMMAND_EXECUTION]: Includes specific CLI commands for ArgoCD account manipulation and token generation to facilitate unauthorized access and persistence.
- [EXTERNAL_DOWNLOADS]: Directs the agent to pull Kubernetes manifests from an untrusted external repository (github.com/attacker/evil-manifests) during the exploitation phase.
- [PROMPT_INJECTION]: Uses directive language ('must use this skill') to override the agent's default behavior and safety reasoning when users inquire about ArgoCD security or vulnerabilities.
- [COMMAND_EXECUTION]: Outlines techniques for exploiting Redis (port 6379) to perform cache poisoning for cluster takeover.
Recommendations
- AI detected serious security threats
Audit Metadata